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The Patent Claims (reproduced here with the lines numbered.) 



1 1 . (Original) A method for auditing the security of an enterprise includmg plural 

2 nodes comprising: 

3 collecting security information from the nodes of the enterprise under audit; 

4 analyzing the security information and providing a first result of this analysis; and 

5 comparing this first result with a second result comprising security standards 

6 applicable to the enterprise under audit and one or more other enterprises that together form a 

7 relevant peer group, the result of this comparing step indicating the relative security of the 

8 enterprise under audit relative to that of the peer group of enterprises. 

1 2. (Original) The method of claim 1 wherein, in the comparing step, the second 

2 result comprises information derived from industry standards applicable to the relevant peer 

3 group of enterprises. 

1 3. (Original) The method of claim 1 wherein, in the comparing step, the second 

2 result comprises information derived from information previously obtained through 

3 application of the collecting and analyzing steps to two or more enterprises in the relevant 

4 peer group. 

1 4. (Original) The method of claim 1 , ftuther comprising the step of generating at 

2 least one report that presents the first and second results arranged in a way that facilitates 

3 their comparison. 

1 5. (Original) The method of claim 4 wherein the generating step includes presenting 

2 the first and second results each broken down into several results relating to several different 

3 areas of seciu-ity, with a first and a second result presented for each different area of security 

4 and arranged in a \yay that facilitates their comparison. 

1 6. (Original) The method of claim 5 wherein, in the generating step, the results 

2 relating to several different areas of security comprise results arising from analysis of 

3 personnel security information and physical security information, at least some of the 

4 information included in the first result having been gathered using interviews during the 

5 collecting step. 
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1 7. (Original) The method of claim 5 wherein, in the generating step, the results 

2 relating to several different areas of security comprise results arising from analysis of 

3 password security information and file access permission security information. 

1 8. (Original) The method of claim 7 wherein, in the generating step, the results 

2 relating to several different areas of security further comprise results arising from analysis of 

3 personnel security information and physical security information, at least some of the 

4 information included in the first result having been gathered using interviews during the 

5 collecting step. 

1 9. (Original) The method of claim 5 wherein, in the generating step, the several 

2 different areas of security comprise one or more results of analysis of node configuration 

3 security information and one or more results of analysis of security information gathered 

4 using interviews. 

1 10. (Original) The method of claim 9 wherein, in the generating step, the one or 

2 more results of analysis of node configuration security information comprise results arising 

3 from analysis of password security information. 

1 11. (Original) The method of claim 9 wherein, in the generating step, the one or 

2 more results of analysis of node configuration security information comprises results arising 

3 from analysis of file access permission security information. 

1 12, (Original) The method of claim 4, wherein the generating step generates at least 

2 two comparative reports in different formats for different requesting parties or uses, and in 

3 particular one for technical experts that includes technical language and details and another 

4 for non-technical-experts that substantially excludes technical language and details. 

1 13. (Original) The method of claim 1 , to which is added: 

2 generating and executing commands to alter the security information of one or more 

3 nodes to improve system security in at least some cases when the analysis or comparison or 

4 both indicate security is in need of improvement. 

1 14. (Original) The method of claim 13, further comprising; 

2 generating at least one report that presents the first and second results arranged in a 

3 way that facilitates their comparison. 
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1 15. (Original) The method of claim 13 wherein the generating commands step 

2 generates commands which force the deactivation or correction of one or more passwords 

3 when the analysis or comparison or both indicate that these one or more passwords are not 

4 sufficiently secure. 

1 16. (Original) The method of claim 13 wherein the generating conmiands step 

2 generates conmiands which force alteration of one or more configuration file or control file 

3 access permissions if the analysis or comparison or both indicate that the access permissions 

4 assigned to these one or more files do not provide adequate system security. 

1 17. (Original) A system for auditing the security of an enterprise comprising: 

2 a plurality of nodes within the enterprise under audit; 

3 collectors associated with the nodes and arranged to collect from the nodes 

4 information concerning the security of the enterprise under audit; 

5 a security analyzer arranged to analyze the information concerning the security of the 

6 enterprise under audit and to provide a first result of this analysis; 

7 a data base containing a second result comprising security standards applicable to the 

8 enterprise under audit and one or more other enterprises that together form a relevant peer 

9 group; and 

10 a comparison mechanism arranged to compare the first and second results to 

1 1 determine the relative security of the enterprise under audit in comparison to that of the 

12 enterprises in the relevant peer group. 

1 18. (Original) A system in accordance with claim 17 to which is added: 

2 a report generator that generates at least one report which presents the first and second 

3 results arranged each broken down into several results relating to several different areas of 

4 security, with a first and second result presented for each different area of security and 

5 arranged in a way that facilitates their comparison. 

1 19. (Original) A system in accordance with claim 17 to which is added: 

2 change agents associated with the nodes and able to execute commands that alter node 

3 configuration information; and 
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4 a command generator that provides commands to the change agents on selected nodes 

5 to alter node configuration information to improve system security in response to the analyzer 

6 or comparison mechanism or both determining security improvements are needed. 

1 20. (Original) A system in accordance with claim 19 wherein the command 

2 generator includes a mechanism that can generate commands which, when executed, cause 

3 one or more of the change agents to force the deactivation or correction of one or more secure 

4 passwords if the security analyzer or comparison mechanism or both determine that one or 

5 more passwords are not sufficiently secure. 

1 21. (Currently Amended) A system in accordance with claim 1 9 wherein the 

2 command generator includes included a mechanism that can generate commands which, 

3 when executed, cause one or more of the change agents to force the alteration of the access 

4 permissions of one or more configuration files or control files if the security analyzer or 

5 comparison mechanism or both determine that the access permissions assigned to one or 

6 more such files do not provide sufficient security. 

1 22. (Original) A system for auditing the security of an enterprise comprising: 

2 a plurality of nodes within an enterprise under audit; 

3 collector means associated with the nodes for collecting information from the nodes 

4 concerning the security of the enterprise under audit; 

5 security analyzer means for analyzing the information conceming the security of the 

6 enterprise imder audit and for providing a first result of this analysis; 

7 data base means for storing and for presenting a second result comprising security 

8 standards applicable to the enterprise under audit and one or more other enterprises that 

9 together form a relevant peer group; and 

1 0 comparison means for comparing the first and second results to determine the relative 

1 1 security of the enterprise imder audit in comparison to that of the enterprises in the relevant - 

12 peer group. 

1 23. (Currently Amended) A system in accordance with claim 22 to which is added 

2 report generation means for generating at least one report which presents the first and 

3 second results each broken down into several results relating to several different areas of 

4 security, with vvhith a first and second result presented for each different area of security and 

5 arranged in a way that facilitates their comparison. 
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1 24. (Original) A system in accordance with claim 22 to which is added 

2 change agent means associated with the nodes for executing commands that alter 

3 node configuration information; and 

4 command generator means for providing commands to the change agent means on 

5 selected nodes as needed to alter system configuration information to improve system 

6 security in response to the security analyzer means or the comparison means or both 

7 determining that security improvements are needed. 
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